A High-Feasibility Secure Routing against Malicious Peer in Structured P2P

As applications built on structured peer-to-peer networks have multiplied, so has the importance of their security. Routing is the core of a structured peer-to-peer network and is therefore the primary target of malicious nodes. The current attacks on routing by malicious nodes are mainly sybil attacks, eclipse attacks, and routing table poisoning. Previous studies that defend against these attacks either add redundancy to achieve security or sacrifice network scalability for it. We therefore establish a mathematical model of the routing process and use it to analyze sybil attacks, eclipse attacks, and routing table poisoning. All three are found to share the same essence: they undermine the original convergence of the query path. Building on convergence detection, we propose the security mechanism HFS-Routing, design experiments, and analyze the results. The results show that HFS-Routing has lower overhead, better scalability, and a higher detection rate for malicious nodes, making it a highly feasible mechanism.


Introduction
With the maturity of structured peer-to-peer networking technology, represented by DHTs, applications based on peer-to-peer networks have developed rapidly, and most of them require the network to offer a high level of security.
Therefore, many researchers have gradually turned to the security issues of peer-to-peer networks.
A DHT maps the physical address <ip:port> of each participating node to an id with a hash function and then stores the corresponding <ip:port, id> pairs in a distributed manner according to id, thereby maintaining a specific logical structure; for example, the Chord protocol maintains a logical ring topology and the Pastry protocol a logical tree topology. Resource sharing is the core service of P2P applications, and resource search efficiency has become the main measure of P2P performance. Search efficiency doubtless depends on the routing protocol. In a DHT, a mandatory-convergence routing algorithm is commonly used to maintain the topology. However, since nodes can freely join the network, the convergence of the routing protocol is easy to undermine, so protecting the routing protocol must be given priority.
Fujii et al. pointed out that an attacker can easily insert a large number of malicious nodes into a structured peer-to-peer network, which degrades routing performance [1]. To deal with this attack, a secure routing protocol is required. H. Ismail et al. pointed out that routing constitutes the core function of P2P, and naturally most threats attempt to corrupt the peer routing table [2]. Eichert et al. pointed out that the main goal of a routing attack is to prevent the P2P network from forwarding messages to the destination node [3]. Jaideep et al. pointed out that the main attacks on peer-to-peer networks include sybil attacks, eclipse attacks, and pollution attacks [4].
To defend routing against attacks by malicious nodes, this paper presents a highly feasible routing mechanism named HFS-Routing, which can effectively defend against sybil attacks, eclipse attacks, pollution attacks, and so on.

Related Work
Medina et al. proposed an SDN approach to detect targeted attacks in fully connected P2P overlays [5]. Luo proposed the secure routing protocol Symmetric-Chord [6], which obtains multiple query results by querying in both the forward and reverse directions of the Chord ring and then judges whether there are malicious nodes on the path according to whether the results are consistent. However, the protocol requires additional query messages, which adds redundancy to the network. Ismail et al. proposed an eviction mechanism (EM) for malicious nodes in P2P overlays, which uses divergent lookups to query the target and then analyzes whether there are malicious nodes in the query result [7].
This method also requires additional queries, increasing redundancy; in addition, the divergence itself undermines the convergence of the path. Shen proposed a resilient routing table in which each node maintains a variable-size routing table to reduce the harm of malicious nodes; the disadvantage is that it needs to maintain a large number of routing-table entries [8]. Xu proposed a routing algorithm that can bypass malicious nodes but does not consider load balancing [9]. Han et al. proposed a trust-based routing strategy for structured P2P networks in which quantified trust is used to select the next hop and the neighbors [10]; however, acquiring trust requires additional computing resources. Cholez et al. proposed a network crawler to detect malicious nodes, but it is only suitable for the Kademlia protocol [11]. Lu et al. proposed the P2P routing security mechanism SAP2PRMEDT based on multiple encryptions, which periodically detects malicious nodes with cryptographic techniques and affects network scalability [12]. Therefore, the above research either adds redundancy to achieve security, sacrifices network scalability for security, or only applies to a specific network; our proposed secure routing mechanism HFS-Routing avoids these problems.

DHT Routing Model.
Routing is the process by which a query message is forwarded to the correct destination node using a routing table and a forwarding algorithm. Castañeda et al. pointed out that routing depends on the query message and on the data structure stored at each node; in structured peer-to-peer networks, the data structures stored at the nodes are mainly routing tables [13].
DHT technology uses a mandatory-convergence routing algorithm: each node stores <ip:port, id> entries keyed by node id to build its routing table, and the whole network forms a logical topology. In the Chord protocol, for example, the identifier space is a ring $[0, 2^{i}-1]$, where $i$ is the length of the id in bits. Each Chord node saves not only the <ip:port, id> of its logical (by id) predecessor and successor but also a finger table that speeds up lookups. The routing process is to find the <ip:port, id> entry that corresponds to the queried id. For the analysis, we regard the whole peer-to-peer network as a graph $G$ whose nodes are the participants $n \in N$. If two nodes $n_i$ and $n_j$ ($i \neq j$) are neighbors of each other, they form an edge $e_{ij}$ whose weight is the distance between their ids $id_i$ and $id_j$:

$$e_{ij} = |id_i - id_j| \quad (1)$$

Let forward be the forwarding algorithm and query the query message; a single forwarding step at node $n$ then selects the next edge:

$$e = \mathrm{forward}(n, \mathit{query}) \quad (2)$$

Let path be the final path of the query message and $r$ the routing algorithm; the routing model describes path as the result of applying $r$, that is, of repeating step (2) hop by hop, to the query. Suppose the query message returns the path $e_{xy} e_{yz} \ldots e_{ij}$ within the TTL. If the edge $e_{ij}$ contains the target node $n_j$ of the query message, then $e_{xy} e_{yz} \ldots e_{ij}$ is a successful path; otherwise, it is a failed path.

Degrading the Routing Mechanism by Malicious Nodes.
There are three main attacks on routing: sybil attacks, eclipse attacks, and routing table poisoning.

Sybil Attack.
Nodes in a peer-to-peer network are free to join the network, and it is this freedom that allows a malicious node to fake multiple identities participating in the network. These fake identities are often referred to as sybil nodes, and the malicious node can then exploit them to mount a variety of attacks. The harm of a sybil attack is mainly (i) destroying routing and (ii) destroying the integrity of stored file resources. In this paper, we confine ourselves to the effect on routing. When a sybil node receives a query message, according to formula (2) it can break routing in two ways: (1) by providing a wrong edge as the next hop, or (2) by not providing any edge at all. Either way, the original convergence of the routing function $r$ is ruined.

Eclipse Attack.
In an eclipse attack, an attacker who wants to compromise a node n adds enough fake-node entries to the routing table of n to isolate n from the normal P2P network. An eclipse attack is a special kind of sybil attack, so its effect on the path is likewise to undermine the convergence of the routing function $r$.

Routing Table Poisoning.
Routing table poisoning replaces normal routing entries with wrong ones, so that a received query message cannot be forwarded according to the protocol; this disturbs the normal routing mechanism and, in essence, undermines the convergence of the routing algorithm.

From the above analysis, the attacks of malicious nodes on routing are essentially the destruction of the convergence of the routing mechanism.

Security Mechanism HFS-Routing.
According to the routing model, if the query path does not converge sufficiently, the routing fails. Conversely, if a query fails and there is a divergent node on its path, that node is malicious. We therefore propose a routing mechanism based on failed paths, named HFS-Routing. HFS-Routing only saves information about failed paths, so it adds no query messages and requires no additional bandwidth, which gives it higher feasibility and better scalability. In addition, the detection method does not depend on the topology, so it is universal and suitable for all peer-to-peer protocols.
Each node saves its recent failed query paths as shown in Figure 1, where $p_i$ is a failed query path and multiple paths form a graph. Whenever a query fails, HFS-Routing updates the failed-path graph and triggers the malicious node detection model FPD-Detect.

Detection Model FPD-Detect.
The FPD-Detect detection mechanism mainly detects whether the failed-path tree contains a node that causes path divergence (a malicious node); the detection is triggered when a query fails.
For convenience, we denote the edge from any node x to node y by $e_{xy}$, with $x, y \in N$ and $x \neq y$. If a failed query path contains edges $e_{xy}$ and $e_{yz}$ with $e_{xy}$ preceding $e_{yz}$, we write $e_{xy} \prec e_{yz}$. Malicious nodes are then judged in the detection process as follows.
(1) If $e_{xy} \prec e_{yz}$ holds in a failed query path and the sub-path $e_{xy} e_{yz}$ does not converge, unlike the other sub-paths, then the non-root node x may be a malicious node. For example, in Figure 1, $e_{n_2 n_3} \prec e_{n_3 n_4}$ exists and the sub-path $e_{n_2 n_3} e_{n_3 n_4}$ does not converge, so $n_2$ may be a malicious node.
(2) If multiple paths pass through the same node, the path with the fewest edges converges fastest; the paths with more edges contain malicious nodes, and the first non-root node of such a path is a malicious node.
(3) If a leaf node appears in multiple paths, then that node is a malicious node.
After a malicious node is detected, the routing entry corresponding to it is deleted from the routing table.
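As an added illustration (not the paper's code), the following Python builds the failed-path graph of one node from a few constructed failed lookups on a Chord-style ring, applies the three FPD-Detect rules above, and removes the detected nodes from a routing table; it also implements the edge weight $e_{ij} = |id_i - id_j|$ of the routing model. The 6-bit ring, the thresholds k1 = k2 = 1, the sample failed paths and the routing table are all assumptions made for the example.

```python
"""Failed-path graph and the three FPD-Detect rules (added example; not the
paper's code). Identifiers live on a Chord-style ring; k1/k2 are assumed."""
from collections import defaultdict

ID_BITS = 6              # assumption: 6-bit id space, ids in [0, 64)
RING = 1 << ID_BITS


def edge_weight(x, y):
    """Weight of edge e_xy = |id_x - id_y| on the ring (clockwise distance).
    A converging lookup makes strictly shorter hops as it nears the target."""
    return (y - x) % RING


def path_edges(path):
    """Return [(x, y, e_xy), ...] for a failed path given as a list of node ids."""
    return [(x, y, edge_weight(x, y)) for x, y in zip(path, path[1:])]


def fpd_detect(failed_paths, k1=1, k2=1):
    """Run the three rules over the stored failed paths of one node.

    failed_paths: list of paths, each a list of ids; index 0 is the querying
    (root) node and the last id is where the lookup died.
    Returns {'rule1': set, 'rule2': set, 'rule3': set, 'suspects': set}.
    k1, k2 are the thresholds of Algorithm 1; '> k' means 'more than k paths'.
    """
    rule1, rule2, rule3 = set(), set(), set()
    through = defaultdict(list)   # intermediate node -> indices of paths through it
    ends = defaultdict(int)       # leaf node -> number of failed paths ending there

    for idx, path in enumerate(failed_paths):
        root = path[0]
        edges = path_edges(path)
        # Rule 1: e_xy precedes e_yz but e_yz is not shorter, so the sub-path
        # x->y->z does not converge; the paper blames the non-root node x.
        for (x, y, e_xy), (_, z, e_yz) in zip(edges, edges[1:]):
            if x != root and e_yz >= e_xy:
                rule1.add(x)
        for node in path[1:-1]:
            through[node].append(idx)
        ends[path[-1]] += 1

    # Rule 2: several failed paths share a node; the one with the fewest edges
    # converges fastest, and in every longer one the first non-root node is blamed.
    for node, idxs in through.items():
        if len(set(idxs)) > k2:
            shortest = min(len(failed_paths[i]) - 1 for i in idxs)
            for i in idxs:
                if len(failed_paths[i]) - 1 > shortest:
                    rule2.add(failed_paths[i][1])

    # Rule 3: a leaf (out-degree 0 in the failed-path graph) reached by more
    # than k1 failed paths is where lookups keep dying.
    for node, count in ends.items():
        if count > k1:
            rule3.add(node)

    return {"rule1": rule1, "rule2": rule2, "rule3": rule3,
            "suspects": rule1 | rule2 | rule3}


def evict(routing_table, suspects):
    """Drop routing entries that point at detected nodes (the last step of HFS-Routing)."""
    return [(nid, addr) for nid, addr in routing_table if nid not in suspects]


# Constructed failed paths from root node 3 looking up key 40 (sample data, not
# from the paper): 38 is a sybil leaf that never forwards, 20 hands lookups to it.
FAILED_PATHS = [
    [3, 20, 30, 38],          # hops 17, 10, 8: converges, then dies at 38
    [3, 12, 17, 20, 38],      # hops 9, 5, 3, 18: 20 -> 38 is a non-converging jump
    [3, 20, 30, 36, 39],      # hops 17, 10, 6, 3: ran out of TTL without diverging
]
ROUTING_TABLE = [(12, "10.0.0.12:4000"), (20, "10.0.0.20:4000"),
                 (36, "10.0.0.36:4000"), (38, "10.0.0.38:4000")]

if __name__ == "__main__":
    result = fpd_detect(FAILED_PATHS)
    print(result)                                    # suspects: {12, 17, 20, 38}
    print(evict(ROUTING_TABLE, result["suspects"]))  # keeps only node 36
```

On this sample, rule (1) blames node 17 (it precedes the non-converging jump 20 to 38), rule (2) blames 12 and 20 (first non-root nodes of the longer paths sharing 20 and 30), and rule (3) blames the leaf 38; the honest node 36 survives eviction. Note how readily rules (1) and (2) also flag nodes that merely sit upstream of the real culprit, which is the false-positive behaviour the paper lists as future work.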

Detection Algorithm FPD-Detect.
On each node, we design a graph G to store the failed-path information and use an adjacency list as its physical storage.
The pseudocode of the detection is given in Algorithm 1.

Experimental Analysis
To further evaluate the performance of HFS-Routing, we generate 10,000 nodes on the NS platform to simulate the Chord protocol and use the following parameters:
S: query success rate, the number of successful queries divided by the total number of queries
mf: malicious node rate, the number of malicious nodes divided by the total number of nodes
ttl: the maximum number of hops of a query
mil: malicious node insertion rate, the number of malicious nodes inserted into the network per second
mdf: malicious node detection rate, the probability of detecting a malicious node
pl: the average path length of a successful query
The first set of experiments is as follows. To simplify comparison and calculation, we insert 100 malicious nodes into the network per second (mil = 100) and set the maximum number of query hops to 10, and we compare how the query success rate S changes over time for Chord and HFS-Routing. The average path length of successful queries is pl.
The results in Figure 2 show that the query success rates of curve a (Chord) and curve B (HFS-Routing) were almost the same in the first 300 ms of the experiment. However, as malicious nodes kept being inserted, their proportion in the network rose significantly and the Chord query success rate began to decline, whereas the success rate of HFS-Routing was only slightly affected; so once the proportion of malicious nodes passes a certain threshold, HFS-Routing improves the query success rate over Chord. In real networks, attacks are increasingly common, and botnets in particular keep increasing the number of malicious nodes; HFS-Routing handles this situation better and effectively defends against attacks by malicious nodes.
Next, we assess how the increasing number of malicious nodes affects the length of successful query paths. Figure 3 shows the average path length of successful queries: under the influence of malicious nodes, the routing performance of the Chord protocol eventually deteriorates, while the average successful query path length of HFS-Routing does not change significantly as malicious nodes increase and is eventually reduced by a certain value.
In the end, HFS-Routing obtains a shorter query path. For a successful query, a longer path indicates that the query was forwarded to a malicious node in the middle of the path; although such a query finally succeeds thanks to redundancy, its efficiency is reduced. HFS-Routing therefore improves query efficiency and reduces query overhead, which makes it more feasible.

Algorithm 1: DFS core of FPD-Detect, started from node n (reconstructed from the extracted pseudocode; k1 and k2 are the detection thresholds, and the recursion into the successors of n is not shown in the extracted text):

```
/* DFS core pseudocode
 * @param n: the node from which the search is currently started */
bool FPD-Detect(Node n) {
    if (isEnd(n)) {                              // the search has reached an end state
        return true;
    }
    if (n.indegree > k1 and n.outdegree == 0) {  // rule (3): a leaf shared by many failed paths
        return "n is a malicious node";
    }
    if (n.edge > stack2.top.edge) {              // rule (1): the path diverges at the previous node
        return "stack2.top is a malicious node";
    }
    stack2.push(n.edge);                         // save the edge with n as its vertex
    arr[n]++;                                    // record how many failed paths pass through n
    if (arr[n] > k2) {                           // rule (2): more paths than the threshold pass through n;
        return "Malicious node";                 // the first non-source node of the longer path is malicious
    }
    ...
}
```

[Figure 3: average successful query path length pl versus time, 100 ms to 1000 ms]

The Second Set of Experiments.
To compare the malicious-node detection rate with Symmetric-Chord [6] proposed by Luo et al. and SybilLimit [14] proposed by Yu et al., we carried out the following comparative experiments, in which the maximum number of query hops ttl affects the detection rate. Many experiments show that if ttl is small, the query success rate of the algorithm drops; however, once ttl exceeds 10, the detection rate for malicious nodes basically no longer changes. At the beginning of the experiment we therefore set the maximum number of query hops ttl to 10. Then we gradually increased the malicious node insertion rate mil. The final result is shown in Figure 4 (the probability of detecting a malicious node).
Figure 4 shows that HFS-Routing has a higher malicious-node detection rate than Symmetric-Chord and SybilLimit when mil is below 1400; above 1400 the advantage is not obvious. Considering that, when most nodes in the network are malicious, the detection rate of every algorithm increases, HFS-Routing has a higher detection rate than the other algorithms in practice. Moreover, it does not need to sacrifice network scalability, so it is feasible.

Conclusions
In DHT-based peer-to-peer networks, malicious nodes attack routing through sybil attacks, eclipse attacks, and routing table poisoning. Most current research on secure routing achieves security at the expense of network performance or feasibility, so we establish a model of the routing process. The common essence of the routing attacks is found to be the destruction of the convergence of the routing path. Based on convergence detection, we propose the secure routing mechanism HFS-Routing. Finally, experiments are designed and analyzed. The results show that HFS-Routing has lower overhead, better scalability, and a higher detection rate for malicious nodes; therefore, HFS-Routing is a highly feasible secure routing mechanism. The contributions of this paper are (1) establishing the routing model and (2) proposing the security mechanism HFS-Routing, which effectively improves the safety of routing. In future work, we will further reduce the false positive rate of the detection.

Data Availability
The raw/processed data required to reproduce these findings cannot be shared at this time, as the data also form part of an ongoing study.

Conflicts of Interest
The authors declare that they have no conflicts of interest.

Mathematical Problems in Engineering